Heap Reference Analysis Using Access Graphs
Despite significant progress in the theory and practice of program analysis,
analysing properties of heap data has not reached the same level of maturity as
the analysis of static and stack data. The spatial and temporal structure of
stack and static data is well understood while that of heap data seems
arbitrary and is unbounded. We devise bounded representations which summarize
properties of the heap data. This summarization is based on the structure of
the program which manipulates the heap. The resulting summary representations
are certain kinds of graphs called access graphs. The boundedness of these
representations and the monotonicity of the operations to manipulate them make
it possible to compute them through data flow analysis.
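The summarization idea can be sketched in miniature (a Python illustration under assumed details, not the paper's formalism or implementation): by labelling each field dereference with the program point that performs it, an unbounded family of access paths such as x.next.next.next... collapses into a small graph in which a program loop shows up as a cycle.

```python
class AccessGraph:
    """Bounded summary of access paths rooted at a variable.

    Nodes are (field, stmt_id) pairs, so repeated dereference of the
    same field at the same program point reuses one node: loops in the
    program become cycles in the graph instead of unbounded paths.
    (Illustrative sketch only, not the paper's exact construction.)
    """

    def __init__(self, root):
        self.root = root      # name of the root variable
        self.nodes = set()    # {(field, stmt_id)}
        self.edges = set()    # {(src, dst)}; src is "root" or a node

    def extend(self, frontier, field, stmt_id):
        """Record a field access made at stmt_id, extending the path
        that currently ends at `frontier`; return the new frontier."""
        node = (field, stmt_id)
        self.nodes.add(node)
        self.edges.add((frontier, node))
        return node


# Model `while x is not None: x = x.next`, where the dereference
# of .next happens at (hypothetical) statement 3.
g = AccessGraph("x")
frontier = "root"
for _ in range(5):                      # five loop iterations
    frontier = g.extend(frontier, "next", stmt_id=3)

# Five dereferences, yet the summary stays bounded:
assert len(g.nodes) == 1                       # one ('next', 3) node
assert ("root", ("next", 3)) in g.edges
assert (("next", 3), ("next", 3)) in g.edges   # the self-loop
```

The boundedness follows because there are finitely many (field, statement) pairs in any program, which is what makes a data flow analysis over these summaries terminate.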
An important application which benefits from heap reference analysis is
garbage collection, where currently liveness is conservatively approximated by
reachability from program variables. As a consequence, current garbage
collectors leave a lot of garbage uncollected, a fact which has been confirmed
by several empirical studies. We propose the first ever end-to-end static
analysis to distinguish live objects from reachable objects. We use this
information to make dead objects unreachable by modifying the program. This
application is interesting because it requires discovering data flow
information representing complex semantics. In particular, we discover four
properties of heap data: liveness, aliasing, availability, and anticipability.
Together, they cover all combinations of directions of analysis (i.e. forward
and backward) and confluence of information (i.e. union and intersection). Our
analysis can also be used for plugging memory leaks in C/C++ languages.
Comment: Accepted for printing by ACM TOPLAS. This version incorporates referees' comments
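The gap between reachability and liveness that motivates this work can be shown with a small sketch (a hypothetical Python example, not the paper's analysis): a chain of objects can be entirely reachable from a variable even though only its head is ever used again, and nulling the link after the last use, as the proposed program transformation does, lets a reachability-based collector reclaim the dead suffix.

```python
class Node:
    def __init__(self, val, nxt=None):
        self.val, self.next = val, nxt

def reachable(root):
    """Objects reachable from root -- the conservative approximation
    of liveness that current garbage collectors use."""
    seen, work = set(), [root]
    while work:
        n = work.pop()
        if n is not None and id(n) not in seen:
            seen.add(id(n))
            work.append(n.next)
    return seen

# Build x -> a -> b -> c; suppose the program only reads x.val afterwards.
c = Node(3)
b = Node(2, c)
a = Node(1, b)
x = a
assert len(reachable(x)) == 3   # a, b, c are all reachable...
# ...but only a is live.  A liveness-based transformation can insert:
x.next = None                   # make the dead suffix unreachable
assert len(reachable(x)) == 1   # now only a is retained
```

The empirical studies cited in the abstract measure exactly this slack: objects that remain reachable, and hence uncollected, long after their last use.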
Program Analysis Scenarios in Rascal
Rascal is a metaprogramming language focused on the implementation of domain-specific languages and on the rapid construction of tools for software analysis and software transformation. In this paper we focus on the use of Rascal for software analysis. We illustrate a range of scenarios for building new software analysis tools through a number of examples, including one showing integration with an existing Maude-based analysis. We then focus on ongoing work on alias analysis and type inference for PHP, showing how Rascal is being used, and sketching a hypothetical solution in Maude. We conclude with a high-level discussion of the commonalities and differences between Rascal and Maude when applied to program analysis.
Multilevel MDA-Lite Paris Traceroute
Since its introduction in 2006-2007, Paris Traceroute and its Multipath
Detection Algorithm (MDA) have been used to conduct well over a billion IP
level multipath route traces from platforms such as M-Lab. Unfortunately, the
MDA requires a large number of packets in order to trace an entire topology of
load balanced paths between a source and a destination, which makes it
undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE
Atlas. In this paper we present a major update to the Paris Traceroute tool.
Our contributions are: (1) MDA-Lite, an alternative to the MDA that
significantly cuts overhead while maintaining a low failure probability; (2)
Fakeroute, a simulator that enables validation of a multipath route tracing
tool's adherence to its claimed failure probability bounds; (3) multilevel
multipath route tracing, with, for the first time, a Traceroute tool that
provides a router-level view of multipath routes; and (4) surveys at both the
IP and router levels of multipath routing in the Internet, showing, among other
things, that load balancing topologies have increased in size well beyond what
has been previously reported as recently as 2016. The data and the software
underlying these results are publicly available.
Comment: Preprint. To appear in Proc. ACM Internet Measurement Conference 201
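The idea behind multipath detection can be sketched as follows (an illustrative Python simulation in the spirit of Fakeroute, not the authors' tool; the modulo "hash" is a stand-in for a real router's hash of header fields): a per-flow load balancer picks a next hop deterministically from flow-identifying header fields, so probing with enough distinct flow IDs enumerates the interfaces, and the MDA chooses the probe count so the probability of missing one stays below a stated bound.

```python
def next_hop(flow_id, hops):
    """A per-flow load balancer.  Real routers hash header fields
    (addresses, ports); a simple modulo stands in for that here."""
    return hops[flow_id % len(hops)]

def discover_hops(hops, n_probes):
    """Send probes with n_probes distinct flow IDs at a fixed TTL and
    collect the next-hop interfaces observed (illustrative only)."""
    return {next_hop(fid, hops) for fid in range(n_probes)}

balancer_hops = ["r1", "r2", "r3"]
# Too few probes miss interfaces; enough probes find them all.
assert discover_hops(balancer_hops, 2) == {"r1", "r2"}
assert discover_hops(balancer_hops, 6) == {"r1", "r2", "r3"}
```

With a real (effectively random) hash, no finite probe count guarantees full coverage, which is why the MDA, and the cheaper MDA-Lite, are framed in terms of a bounded failure probability rather than certainty.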
Inference of Resource Management Specifications
A resource leak occurs when a program fails to free some finite resource
after it is no longer needed. Such leaks are a significant cause of real-world
crashes and performance problems. Recent work proposed an approach to prevent
resource leaks based on checking resource management specifications. A resource
management specification expresses how the program allocates resources, passes
them around, and releases them; it also tracks the ownership relationship
between objects and resources, and aliasing relationships between objects.
While this specify-and-verify approach has several advantages compared to prior
techniques, the need to manually write annotations presents a significant
barrier to its practical adoption.
This paper presents a novel technique to automatically infer a resource
management specification for a program, broadening the applicability of
specify-and-check verification for resource leaks. Inference in this domain is
challenging because resource management specifications differ significantly in
nature from the types that most inference techniques target. Further, for
practical effectiveness, we desire a technique that can infer the resource
management specification intended by the developer, even in cases when the code
does not fully adhere to that specification. We address these challenges
through a set of inference rules carefully designed to capture real-world
coding patterns, yielding an effective fixed-point-based inference algorithm.
We have implemented our inference algorithm in two different systems,
targeting programs written in Java and C#. In an experimental evaluation, our
technique inferred 85.5% of the annotations that programmers had written
manually for the benchmarks. Further, the verifier issued nearly the same rate
of false alarms with the manually-written and automatically-inferred
annotations.
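What such a specification tracks can be sketched in miniature (a hypothetical Python event format, not the paper's annotation language or inference rules): ownership of a resource obligates a release, and transferring ownership turns the previous holder into a mere alias with no obligation.

```python
def check_ownership(events):
    """Toy ownership tracker for resource leaks.

    events: a straight-line trace of
        ("acquire", var)        -- var becomes owner of a fresh resource
        ("transfer", src, dst)  -- ownership moves; src becomes an alias
        ("release", var)        -- var's obligation is discharged
    Returns the variables still owning an unreleased resource at the
    end -- potential leaks.  (Illustrative sketch only; the real
    analysis is a fixed-point computation over all program paths.)
    """
    owners = set()
    for ev in events:
        if ev[0] == "acquire":
            owners.add(ev[1])
        elif ev[0] == "transfer":
            owners.discard(ev[1])   # src no longer obligated
            owners.add(ev[2])       # dst inherits the obligation
        elif ev[0] == "release":
            owners.discard(ev[1])
    return owners


leaky = [("acquire", "f"), ("transfer", "f", "g")]
assert check_ownership(leaky) == {"g"}      # g owns, never releases: leak
ok = leaky + [("release", "g")]
assert check_ownership(ok) == set()         # obligation discharged
```

Inference, as the abstract describes it, works in the opposite direction: starting from code like `ok`, it reconstructs which parameters and fields carry the ownership obligation, even when some paths fail to honor it.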
Visual Representations: Defining Properties and Deep Approximations
Visual representations are defined in terms of minimal sufficient statistics
of visual data, for a class of tasks, that are also invariant to nuisance
variability. Minimal sufficiency guarantees that we can store a representation
in lieu of raw data with smallest complexity and no performance loss on the
task at hand. Invariance guarantees that the statistic is constant with respect
to uninformative transformations of the data. We derive analytical expressions
for such representations and show they are related to feature descriptors
commonly used in computer vision, as well as to convolutional neural networks.
This link highlights the assumptions and approximations tacitly made by
these methods and explains empirical practices such as clamping, pooling and
joint normalization.
Comment: UCLA CSD TR140023, Nov. 12, 2014, revised April 13, 2015, November 13, 2015, February 28, 201
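The invariance property can be illustrated with a toy example (Python, illustrative only, not the paper's derivation): a pooled statistic is constant under a nuisance transformation such as translation, while the raw data it summarizes is not.

```python
def max_pool(signal):
    """Global max-pooling: a statistic invariant to translation."""
    return max(signal)

def shift(signal, k):
    """Cyclic translation by k positions -- a nuisance transformation
    that changes the data but not its task-relevant content."""
    k %= len(signal)
    return signal[-k:] + signal[:-k]


x = [0, 3, 1, 7, 2]
for k in range(len(x)):
    # The statistic is constant over the whole nuisance orbit...
    assert max_pool(shift(x, k)) == max_pool(x)
# ...but the raw data is not:
assert shift(x, 1) != x
```

This is the sense in which pooling in a convolutional network trades discriminative detail for invariance: storing `max_pool(x)` in lieu of `x` loses nothing for a task that does not depend on position.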